earthgecko/skyline

Multiple SQL Injection Security Vulnerabilities

tch1bo opened this issue · 1 comment

Hello,

I noticed several SQL Injections in skyline/webapp/ionosphere_backend.py.

for row in engine.execute(stmt):

Unsanitized user input from HTTP parameters:

  1. from_timestamp (line 1200)
  2. until_timestamp (line 1217)
  3. generation_greater_than (line 1233)
  4. layers_id_greater_than (line 1245)
  5. matched_greater_than (line 1275)

are used to build an SQL query, which then gets executed. This allows attackers to own the database (see the OWASP page above for a complete list of risks).

Same story in line

results = connection.execute(metrics_like_query)

and argument metric_like (line 1352).

If this code is running on a publicly available server, then this is a serious security risk and you might want to fix it. As a fix I would advise using prepared statements.

I found the bug while testing DeepCode’s AI Code Review. The tool can help you automate the process of finding such (and many other types of) bugs. You can sign up your repo (free for Open Source) to receive notifications whenever new bugs are detected. You can give it a try here.

Any feedback is more than welcome at chibo@deepcode.ai.
Cheers, Victor.
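As an added illustration of the fix the report recommends (example code, not code from the skyline project): the string-built query pattern described above next to a parameterized version. It uses the standard-library sqlite3 module so it runs offline; the table, rows and column names are constructed assumptions, not skyline's real schema. With SQLAlchemy, which skyline's engine.execute calls go through, the same fix is `text()` with named bind parameters instead of `%` formatting.

```python
"""Constructed demo: HTTP parameters spliced into SQL text versus bound parameters."""
import sqlite3


def make_db():
    # Constructed in-memory table; column names are assumptions, not skyline's schema.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ionosphere (id INTEGER, metric TEXT, anomaly_timestamp INTEGER)"
    )
    conn.executemany(
        "INSERT INTO ionosphere VALUES (?, ?, ?)",
        [
            (1, "stats.cpu.user", 1000),
            (2, "stats.cpu.system", 2000),
            (3, "stats.mem.used", 3000),
        ],
    )
    return conn


def query_vulnerable(conn, from_timestamp, metric_like):
    # Mirrors the reported pattern: request values become part of the SQL text,
    # so anything that is not a plain number changes the query's structure.
    stmt = (
        "SELECT id FROM ionosphere WHERE anomaly_timestamp >= %s "
        "AND metric LIKE '%s' ORDER BY id" % (from_timestamp, metric_like)
    )
    return [row[0] for row in conn.execute(stmt)]


def query_parameterized(conn, from_timestamp, metric_like):
    # Hardened: validate the type first, then bind every user value. The driver
    # sends values separately from the statement, so they are never parsed as SQL.
    ts = int(from_timestamp)  # raises ValueError for anything that is not an integer
    stmt = (
        "SELECT id FROM ionosphere WHERE anomaly_timestamp >= ? "
        "AND metric LIKE ? ORDER BY id"
    )
    return [row[0] for row in conn.execute(stmt, (ts, metric_like))]


if __name__ == "__main__":
    db = make_db()
    print(query_parameterized(db, "2500", "stats.%"))  # [3]
    print(query_vulnerable(db, "2500 OR 1=1", "stats.%"))  # query rewritten: [1, 2, 3]
```

Binding the LIKE pattern stops injection but still lets the caller supply `%` and `_` wildcards; if that matters, escape them and add an `ESCAPE` clause, or restrict metric_like to an allowed character set.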

Please refer to #85 (comment)